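<?php
// Start (or resume) the session before any output is sent; the captcha answer
// checked by the handler below is read from $_SESSION['key'].
// The full "<?php" tag is used because a bare "<?" is only parsed when
// short_open_tag is enabled; with it disabled this block would be sent to the
// browser as text and the session would never start.
session_start();
?>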
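<?php
/*
 * Password-change handler. Runs before any markup is sent and leaves a status
 * message in $notice, which the template further down prints unescaped, so
 * everything placed in $notice here must already be HTML-safe.
 *
 * Inputs: $_SESSION['key'] (captcha answer, first 4 characters are used),
 * $_REQUEST['number_captcha'], $_COOKIE['username'], and the POST fields
 * password / password_new / password_new2.
 *
 * NOTE(review): the account is selected by a client-supplied cookie. The
 * current-password check below is what stops one user from changing another
 * account's password; binding the account to server-side session state set at
 * login would be stronger. Confirm against the login code.
 * NOTE(review): passwords are written and compared as plain text. Moving to
 * password_hash()/password_verify() has to be done together with the login and
 * registration code, so it is flagged here rather than changed.
 * NOTE(review): the mysql_* extension was removed in PHP 7; the data layer
 * should move to mysqli or PDO with prepared statements.
 */

// Always defined, so the template never reads an undefined variable when the
// captcha check fails or the page is opened without a submission.
$notice = '';

// Captcha values are normalised to strings and compared strictly. With a loose
// == comparison a missing or empty session key could compare equal to some
// non-empty submissions, and numeric-looking strings were compared as numbers.
$key = (isset($_SESSION['key']) && is_scalar($_SESSION['key']))
	? (string) substr((string) $_SESSION['key'], 0, 4)
	: '';
$number = (isset($_REQUEST['number_captcha']) && is_string($_REQUEST['number_captcha']))
	? $_REQUEST['number_captcha']
	: '';
$captchaOk = ($number !== '' && $key !== '' && $number === $key);

if ($number !== '') {
	// A captcha answer is single-use: once an attempt has been made it is
	// discarded, so one solved captcha cannot back repeated password guesses.
	unset($_SESSION['key']);
}

// presumably opens the database connection used by the mysql_* calls - confirm
include('config.php');

$username = (isset($_COOKIE['username']) && is_string($_COOKIE['username'])) ? $_COOKIE['username'] : '';
// The cookie is attacker-controlled: escape it separately for SQL and for HTML.
$usernameSql = (string) mysql_real_escape_string($username);
$usernameHtml = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');

// Non-string input (e.g. an array-valued field) is treated as empty.
$password = (string) CleanSQLInjection(
	(isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : ''
);
$password_new = (string) CleanSQLInjection(
	(isset($_POST['password_new']) && is_string($_POST['password_new'])) ? $_POST['password_new'] : ''
);
$password_new2 = (string) CleanSQLInjection(
	(isset($_POST['password_new2']) && is_string($_POST['password_new2'])) ? $_POST['password_new2'] : ''
);

if ($captchaOk) {
	if ($password_new === $password_new2 && $password !== '' && $password_new !== '') {
		// One query answers both "does the account exist" and "does the
		// submitted current password match". The comparison follows the
		// column's collation, and assumes the stored value is the same
		// filtered text this page writes - confirm against login/registration.
		$check = mysql_query(
			"SELECT (password = '$password') AS password_ok FROM account WHERE id = '$usernameSql' LIMIT 1"
		);

		if ($check === false) {
			// Query error: report failure rather than passing false to mysql_num_rows().
			$notice = "Thay đổi mật khẩu thất bại";
		} elseif ($username === '' || mysql_num_rows($check) === 0) {
			$notice = "Tài khoản $usernameHtml không tồn tại.";
		} else {
			$row = mysql_fetch_assoc($check);

			if ($row && (string) $row['password_ok'] === '1') {
				$updatedAccount = mysql_query(
					"UPDATE account SET password = '$password_new' WHERE id = '$usernameSql'"
				);
				$updatedPlayer = mysql_query(
					"UPDATE player SET password = '$password_new' WHERE userName = '$usernameSql'"
				);

				// Only claim success when both tables were actually updated.
				$notice = ($updatedAccount && $updatedPlayer)
					? "Tài khoản $usernameHtml thay đổi password thành công."
					: "Thay đổi mật khẩu thất bại";
			} else {
				// Current password did not match: nothing is changed.
				$notice = "Thay đổi mật khẩu thất bại";
			}
		}
	} else {
		$notice = "Thay đổi mật khẩu thất bại";
	}
}
?>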
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Đao Kiếm Vô Tình Online</title>
<link href="css/styles.css" rel="stylesheet" type="text/css"/>
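<?php
	// Print any pending message held in $error, then clear it. $error is not
	// assigned anywhere in this file; presumably config.php or an including
	// script sets it - confirm.
	// NOTE(review): the value is written into <head> unescaped. Confirm that
	// whatever sets $error never copies request data into it.
	// The full "<?php" tag is used so this block is still parsed when
	// short_open_tag is disabled.
	global $error;
	if (isset($error)) {
		echo $error;
	}
	$error = '';
?>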
</head>
<body>
<div id="container">
  <div class="close-beta"><img src="images/top_center.png" width="772" height="143" /></div>
  <div class="main-content">
    <div class="forum-main"> <a href="/"><img src="images/logo.png" width="220" height="249" /></a> <a href="http://diendan.daokiemvotinh.com" target="_blank">
      <div class="diendan">&nbsp;</div>
      </a> <a href="http://www.facebook.com/pages/%C4%90ao-Ki%E1%BA%BFm-V%C3%B4-T%C3%ACnh-Online/316889155100550" target="_blank">
      <div class="fanpage">&nbsp;</div>
      </a> </div>
    <div class="payment">
      <h1>Thay đổi thông tin tài khoản</h1>
      <span style="text-align:center"><?=$notice;?></span>
    </div>
    <div class="payment-left">
      <ul class="menu-payment">
        <a href="#">
        <li class="nap-the-cao active">&nbsp;</li>
        </a> <a href="#">
        <li class="lich-su-giao-dich">&nbsp;</li>
        </a> <a href="change-password.php">
        <li class="thong-tin-ca-nhan">&nbsp;</li>
        </a>
      </ul>
    </div>
  </div>
  <div class="bottom-image">&nbsp;</div>
</div>
<script type="text/javascript">
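/**
 * Client-side convenience check for the password-change form ("myForm"):
 * all three password fields must be filled in.
 *
 * This runs in the browser and can be skipped entirely, so it is not a
 * security control; the server-side handler repeats the non-empty check.
 *
 * The original also read a "provider" field that it never used; if that field
 * is absent the lookup throws and the check is abandoned, so it is dropped.
 * A missing password field is treated the same as an empty one.
 *
 * @returns {boolean} false (after an alert) when a field is empty, else true.
 */
function validateForm()
{
	var form = document.forms["myForm"];
	var fieldNames = ["password", "password_new", "password_new2"];

	for (var i = 0; i < fieldNames.length; i++) {
		var field = form[fieldNames[i]];
		var value = field ? field.value : null;

		if (value == null || value === '') {
			alert("Can phai nhap du lieu cho mật khẩu");
			return false;
		}
	}

	return true;
}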
  

</script>
</body>
</html>

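<?php
	/**
	 * Legacy input filter applied to form values before they are placed in SQL.
	 *
	 * Steps, in order: strip HTML/PHP tags, undo magic-quotes slashes when that
	 * setting is active, delete the listed keywords (case-insensitive), then
	 * escape the result with mysql_real_escape_string() unless it is numeric.
	 *
	 * Security notes:
	 * - The escaping step is the only part that protects the query, and only
	 *   when the result is placed inside a quoted SQL string literal.
	 * - The keyword removal is a single pass and is not a defence. It also
	 *   silently changes legitimate values, e.g. a password containing
	 *   "update" or "--". It is kept because values already stored were
	 *   presumably filtered the same way - confirm before removing it.
	 * - NOTE(review): mysql_* was removed in PHP 7; prepared statements
	 *   (mysqli or PDO) make this whole function unnecessary.
	 *
	 * The full "<?php" tag is used so that this definition is still parsed
	 * when short_open_tag is disabled, instead of being sent out as text.
	 *
	 * @param string $string Raw request value.
	 * @return string Filtered value; escaped unless is_numeric() accepts it.
	 */
	function CleanSQLInjection($string)
	{
		$string = strip_tags($string);

		// get_magic_quotes_gpc() no longer exists on PHP 8, so only consult it
		// where it is available. When active, drop the slashes it added so the
		// escaping below does not double them.
		if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
		{
			$string = stripslashes($string);
		}

		$badWords = array("/delete/i", "/update/i", "/union/i", "/insert/i", "/drop/i", "/http/i", "/--/i");
		$string = preg_replace($badWords, "", $string);

		// Numeric strings are returned as they are; everything else is escaped.
		if (!is_numeric($string))
		{
			$string = mysql_real_escape_string($string);
		}

		return $string;
	}
?>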

